u/Individual-Gas5276

We grew up navigating the wild west of the early internet. Back in the day, scams were obvious (the classic Nigerian Prince or glaring spelling mistakes). I always prided myself on being the one my family comes to for tech help.

But honestly? The new wave of AI-generated phishing and fake websites is getting scary. I was doing a random interactive quiz online today that tests your ability to spot modern cyber threats, and I actually failed one of the scenarios. It was a fake login page that looked indistinguishable from the real one.

It completely humbled me. Has anyone else had that "oh wow, I almost fell for that" moment recently? How do you keep your scam-radar sharp these days?

I’m at my wit's end here. My dad uses a MacBook Air (latest macOS), and overall, he’s fine. But he has a major blind spot for phishing emails. Recently, he clicked a fake "iCloud Storage Full" link and almost entered his Apple ID credentials. The page looked incredibly convincing. I thought Safari’s built-in fraudulent site warning or macOS Gatekeeper would catch this, but it just let him right through to the fake landing page. What is the best technical way to lock this down at the system or browser level? I've already set him up with a non-admin account, but that doesn't stop him from typing his password into a fake website. Should I be changing his DNS settings (like NextDNS or Quad9)? Or is there a specific macOS configuration I'm missing that intercepts these malicious URLs before the page renders?

Any advice on hardening his Mac against social engineering would be highly appreciated.

As Mac users, we usually don't worry too much about traditional malware. But lately, the amount of highly targeted social engineering and phishing attacks I see is alarming.

I recently saw a fake "iCloud Storage Full" and an "Apple ID locked" email that looked 100% identical to the real ones. Even the landing pages were almost perfect clones. It made me realize that standard macOS protections (like XProtect) don't really do much against a malicious link you click yourself.

What’s your strategy for dealing with this? Especially if you manage Macs for older relatives who might easily fall for these fake Apple prompts. Are there any good, lightweight macOS tools specifically focused on catching phishing links before the page even loads, without bogging down the system??